Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Improper Access Control in github.com/ctfer-io/monitoring
Vulnerability Description
The CTFer.io Monitoring component is in charge of the collection, process and storage of various signals (i.e. logs, metrics and distributed traces). Prior to 0.2.1, due to a mis-written NetworkPolicy, a malicious actor can pivot from a component to any other namespace. This breaks the security-by-default property expected as part of the deployment program, leading to a potential lateral movement. This vulnerability is fixed in 0.2.1.
CVSS Information
N/A
Vulnerability Type
访问控制不恰当
Vulnerability Title
Monitoring 访问控制错误漏洞
Vulnerability Description
Monitoring是CTFer.io开源的一个监控数据的收集与处理组件。 Monitoring 0.2.1之前版本存在访问控制错误漏洞,该漏洞源于网络策略编写错误,可能导致恶意攻击者从一个组件横向移动到任何其他命名空间。
CVSS Information
N/A
Vulnerability Type
N/A